Package "cyborg-doc"
| Name: |
cyborg-doc
|
Description: |
OpenStack Acceleration as a Service - Documentation
|
| Latest version: |
16.0.0-2ubuntu0.1 |
| Release: |
resolute (26.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
cyborg |
| Homepage: |
https://github.com/openstack/cyborg |
Links
Download "cyborg-doc"
Other versions of "cyborg-doc" in Resolute
Changelog
|
cyborg (16.0.0-2ubuntu0.1) resolute-security; urgency=medium
* SECURITY UPDATE: Authentication Bypass
- d/p/CVE-2026-40213_CVE-2026-
40214_1_Use_common_checks.check_policy_json_from_oslo.upgradecheck.p
atch:
- d/p/CVE-2026-40213_CVE-2026-40214_2_Fix_cyborg-
status_upgrade_check_tests.patch:
- d/p/CVE-2026-40213_CVE-2026-40214_3_Fix_rule-
allow_policy_bypass_on_device_deployable_attribute_APIs.patch:
- d/p/CVE-2026-40213_CVE-2026-
40214_4_Set_project_id_on_ARQ_creation_and_binding.patch:
- d/p/CVE-2026-40213_CVE-2026-
40214_5_Refactor_session_handling_and_align_test_contexts.patch:
- d/p/CVE-2026-40213_CVE-2026-
40214_6_Add_project_id_backfill_for_existing_ARQs.patch:
- d/p/CVE-2026-40213_CVE-2026-40214_7_Enforce_project-
scoped_access_for_ARQs.patch:
- d/p/CVE-2026-40213_CVE-2026-
40214_8_Require_service_token_for_bound_ARQ_operations.patch:
- CVE-2026-40213
-- John Breton <email address hidden> Thu, 04 Jun 2026 08:47:56 -0400
|
| CVE-2026-40213 |
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any |
| CVE-2026-40214 |
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the da |
|
About
-
Send Feedback to @ubuntu_updates
